Diffstat (limited to 'src/etc/inc/interfaces.inc')
-rw-r--r-- | src/etc/inc/interfaces.inc | 186 |
1 files changed, 87 insertions, 99 deletions
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 8adadc0..49fd2ca 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -33,12 +33,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp - pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/route /usr/sbin/ngctl /usr/sbin/arp /bin/kill /usr/local/sbin/mpd5 - pfSense_BUILDER_BINARIES: /usr/local/sbin/dhcp6c - pfSense_MODULE: interfaces - */ /* include all configuration functions */
@@ -228,28 +222,29 @@ function interface_vlan_configure(&$vlan) { return; } $if = $vlan['if']; - $vlanif = empty($vlan['vlanif']) ? "{$if}_vlan{$vlan['tag']}" : $vlan['vlanif']; - $tag = $vlan['tag']; - if (empty($if)) { log_error(gettext("interface_vlan_configure called with if undefined.")); return; } + $vlanif = empty($vlan['vlanif']) ? "{$if}_vlan{$vlan['tag']}" : $vlan['vlanif']; + $tag = $vlan['tag']; + $pcp = empty($vlan['pcp']) ? 0 : $vlan['pcp']; /* Apply "Best Effort" if not set */ + /* make sure the parent interface is up */ interfaces_bring_up($if); /* Since we are going to add vlan(4) try to enable all that hardware supports. */ pfSense_interface_capabilities($if, IFCAP_VLAN_HWTAGGING|IFCAP_VLAN_MTU|IFCAP_VLAN_HWFILTER); if (!empty($vlanif) && does_interface_exist($vlanif)) { - interface_bring_down($vlanif, true); - } else { - $tmpvlanif = pfSense_interface_create("vlan"); - pfSense_interface_rename($tmpvlanif, $vlanif); - pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); + pfSense_interface_destroy($vlanif); } - pfSense_vlan_create($vlanif, $if, $tag); + $tmpvlanif = pfSense_interface_create("vlan"); + pfSense_interface_rename($tmpvlanif, $vlanif); + pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); + + pfSense_vlan_create($vlanif, $if, $tag, $pcp); interfaces_bring_up($vlanif);
@@ -807,6 +802,7 @@ function interface_gre_configure(&$gre, $grekey = "") { $realif = get_real_interface($gre['if']); $realifip = get_interface_ip($gre['if']); + $realifip6 = get_interface_ipv6($gre['if']); /* make sure the parent interface is up */ interfaces_bring_up($realif);
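Review bot: The result of `pfSense_interface_create("vlan")` is used unchecked, and because an existing `$vlanif` is now destroyed before the create, a failed create leaves no VLAN interface at all while the rename and `pfSense_ngctl_name()` calls run on an empty name. I would stop right after the create with `if (empty($tmpvlanif)) { log_error(...); return; }`. `$pcp` is also taken from `$vlan['pcp']` without a range check; 802.1p priorities are 0-7, so `if (!is_numeric($pcp) || $pcp < 0 || $pcp > 7) { $pcp = 0; }` keeps a bad config value from reaching `pfSense_vlan_create()`. The function body starts and ends outside this hunk.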
@@ -820,7 +816,11 @@ function interface_gre_configure(&$gre, $grekey = "") { } /* Do not change the order here for more see gre(4) NOTES section. */ - mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); + if (is_ipaddrv6($gre['remote-addr'])) { + mwexec("/sbin/ifconfig {$greif} inet6 tunnel {$realifip6} " . escapeshellarg($gre['remote-addr'])); + } else { + mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); + } if ((is_ipaddrv6($gre['tunnel-local-addr'])) || (is_ipaddrv6($gre['tunnel-remote-addr']))) { /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ //mwexec("/sbin/ifconfig {$greif} inet6 " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gre['tunnel-remote-net']));
@@ -936,7 +936,11 @@ function interface_gif_configure(&$gif, $gifkey = "") { } /* Do not change the order here for more see gif(4) NOTES section. */ - mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + if (is_ipaddrv6($gif['remote-addr'])) { + mwexec("/sbin/ifconfig {$gifif} inet6 tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + } else { + mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + } if ((is_ipaddrv6($gif['tunnel-local-addr'])) || (is_ipaddrv6($gif['tunnel-remote-addr']))) { /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ //mwexec("/sbin/ifconfig {$gifif} inet6 " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gif['tunnel-remote-net']));
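Review bot: In the new `inet6 tunnel` branch of the gre hunk, `{$realifip6}` goes into the shell command unquoted and unchecked, while only `remote-addr` is passed through `escapeshellarg()`. `get_interface_ipv6()` has a `return null` path (visible in its own hunk in this commit), in which case ifconfig is run without a local endpoint; I would log and return when `!is_ipaddrv6($realifip6)` and build the command as `"/sbin/ifconfig " . escapeshellarg($greif) . " inet6 tunnel " . escapeshellarg($realifip6) . " " . escapeshellarg($gre['remote-addr'])`. The gif hunk has the same pattern, and its inet6 branch still uses `$realifip`, which is only correct if that variable is chosen by address family earlier in `interface_gif_configure()`, outside the lines shown. Both function bodies extend beyond their hunks.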
@@ -1621,7 +1625,7 @@ function interface_ppps_configure($interface) { interfaces_bring_up($port); pfSense_ngctl_attach(".", $port); /* Enable setautosrc to automatically change mac address if parent interface's changes */ - mwexec("ngctl msg {$port}: setautosrc 1"); + mwexec("/usr/sbin/ngctl msg {$port}: setautosrc 1"); break; case "pptp": case "l2tp":
@@ -2019,8 +2023,8 @@ EOD; /* we only support the 3gstats.php for huawei modems for now. Will add more later. */ /* We should be able to launch the right version for each modem */ /* We can also guess the mondev from the manufacturer */ - exec("usbconfig | egrep -ie '(huawei)'", $usbmodemoutput); - mwexec("/bin/ps auxww|grep \"{$interface}\" |grep \"[3]gstats\" | awk '{print $2}' |xargs kill"); + exec("/usr/sbin/usbconfig | /usr/bin/egrep -ie '(huawei)'", $usbmodemoutput); + mwexec("/bin/ps auxww | /usr/bin/grep \"{$interface}\" | /usr/bin/grep \"[3]gstats\" | /usr/bin/awk '{print $2}' | /usr/bin/xargs kill"); foreach ($ports as $port) { if (preg_match("/huawei/i", implode("\n", $usbmodemoutput))) { $mondev = substr(basename($port), 0, -1);
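Review bot: Both rewritten commands still interpolate a variable into the shell string unescaped: `{$port}` in the `ngctl msg` call and `{$interface}` in the `ps | grep | xargs kill` pipeline, where the surrounding `\"` are shell double quotes and so do not neutralise shell metacharacters. The absolute paths are a good hardening step, but the values should also go through `escapeshellarg()`, e.g. `"/bin/ps auxww | /usr/bin/grep -F -- " . escapeshellarg($interface) . " | /usr/bin/grep \"[3]gstats\" | ..."`. Picking the PIDs to kill by substring match can also hit the 3gstats instance of another interface whose name merely contains this one (`opt1` vs `opt10`); a pid file per interface would be tighter. Both enclosing functions start and end outside the hunks.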
@@ -2653,29 +2657,8 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) { $wlcmd[] = "-wme"; } - /* set up wep if enabled */ - $wepset = ""; - if (isset($wlcfg['wep']['enable']) && is_array($wlcfg['wep']['key'])) { - switch ($wlcfg['wpa']['auth_algs']) { - case "1": - $wepset .= "authmode open wepmode on "; - break; - case "2": - $wepset .= "authmode shared wepmode on "; - break; - case "3": - $wepset .= "authmode mixed wepmode on "; - } - $i = 1; - foreach ($wlcfg['wep']['key'] as $wepkey) { - $wepset .= "wepkey " . escapeshellarg("{$i}:{$wepkey['value']}") . " "; - if (isset($wepkey['txkey'])) { - $wlcmd[] = "weptxkey {$i} "; - } - $i++; - } - $wlcmd[] = $wepset; - } else if (isset($wlcfg['wpa']['enable'])) { + /* Enable wpa if it's configured. No WEP support anymore. */ + if (isset($wlcfg['wpa']['enable'])) { $wlcmd[] = "authmode wpa wepmode off "; } else { $wlcmd[] = "authmode open wepmode off ";
@@ -2732,7 +2715,6 @@ ctrl_interface_group=wheel #macaddr_acl={$wlcfg['wpa']['macaddr_acl']} ssid={$wlcfg['ssid']} debug={$wlcfg['wpa']['debug_mode']} -auth_algs={$wlcfg['wpa']['auth_algs']} wpa={$wlcfg['wpa']['wpa_mode']} wpa_key_mgmt={$wlcfg['wpa']['wpa_key_mgmt']} wpa_pairwise={$wlcfg['wpa']['wpa_pairwise']}
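Review bot: With the WEP branch gone, a configuration that still has `wep` enabled and no `wpa` now falls into the `else` and is brought up as `authmode open wepmode off`, i.e. with no authentication or encryption, and nothing tells the operator. Dropping WEP is the right call, but the downgrade should not be silent: refuse to configure the interface, or at least call `log_error()` when `isset($wlcfg['wep']['enable'])` is seen, unless a config upgrade step elsewhere in this commit already strips those keys (the diff shown is limited to this file). `interface_wireless_configure()` continues beyond the hunk.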
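Review bot: Removing the `auth_algs=` line from what looks like the generated hostapd configuration leaves the daemon on its built-in default, which as far as I know accepts both open-system and shared-key authentication. Shared-key authentication only exists for WEP, so I would pin the value rather than drop it: `auth_algs=1`. The heredoc this line belongs to starts and ends outside the hunk.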
@@ -3294,57 +3276,55 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven } } - // Limit the MTU to 1500 if no explicit MTU configured - if ($wantedmtu == 0 && get_interface_mtu($mtuif) > 1500) { - $wantedmtu = 1500; + // Set the MTU to 1500 if no explicit MTU configured + if ($wantedmtu == 0) { + $wantedmtu = 1500; /* Default */ } - if ($wantedmtu != 0) { - if (stristr($mtuif, "_vlan")) { - $assignedparent = convert_real_interface_to_friendly_interface_name($mtuhwif); - if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { - $parentmtu = $config['interfaces'][$assignedparent]['mtu']; - if ($wancfg['mtu'] > $parentmtu) { - log_error("There is a conflict on MTU between parent {$mtuhwif} and VLAN({$mtuif})"); - } - } else { - $parentmtu = 0; + if (stristr($mtuif, "_vlan")) { + $assignedparent = convert_real_interface_to_friendly_interface_name($mtuhwif); + if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { + $parentmtu = $config['interfaces'][$assignedparent]['mtu']; + if ($wancfg['mtu'] > $parentmtu) { + log_error("There is a conflict on MTU between parent {$mtuhwif} and VLAN({$mtuif})"); } + } else { + $parentmtu = 0; + } - $parentmtu = interface_vlan_mtu_configured($mtuhwif, $parentmtu); + $parentmtu = interface_vlan_mtu_configured($mtuhwif, $parentmtu); - if (get_interface_mtu($mtuhwif) != $parentmtu) { - pfSense_interface_mtu($mtuhwif, $parentmtu); - } + if (get_interface_mtu($mtuhwif) != $parentmtu) { + pfSense_interface_mtu($mtuhwif, $parentmtu); + } - /* All vlans need to use the same mtu value as their parent. 
*/ - interface_vlan_adapt_mtu(link_interface_to_vlans($mtuhwif), $parentmtu); - } else if (substr($mtuif, 0, 4) == 'lagg') { - /* LAGG interface must be destroyed and re-created to change MTU */ - if ($wantedmtu != get_interface_mtu($mtuif)) { - if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { - foreach ($config['laggs']['lagg'] as $lagg) { - if ($lagg['laggif'] == $mtuif) { - interface_lagg_configure($lagg); - break; - } + /* All vlans need to use the same mtu value as their parent. */ + interface_vlan_adapt_mtu(link_interface_to_vlans($mtuhwif), $parentmtu); + } else if (substr($mtuif, 0, 4) == 'lagg') { + /* LAGG interface must be destroyed and re-created to change MTU */ + if ($wantedmtu != get_interface_mtu($mtuif)) { + if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { + foreach ($config['laggs']['lagg'] as $lagg) { + if ($lagg['laggif'] == $mtuif) { + interface_lagg_configure($lagg); + break; } } } - } else { - if ($wantedmtu != get_interface_mtu($mtuif)) { - pfSense_interface_mtu($mtuif, $wantedmtu); - } + } + } else { + if ($wantedmtu != get_interface_mtu($mtuif)) { + pfSense_interface_mtu($mtuif, $wantedmtu); + } - /* This case is needed when the parent of vlans is being configured */ - $vlans = link_interface_to_vlans($mtuif); - if (is_array($vlans)) { - interface_vlan_adapt_mtu($vlans, $wantedmtu); - } - unset($vlans); + /* This case is needed when the parent of vlans is being configured */ + $vlans = link_interface_to_vlans($mtuif); + if (is_array($vlans)) { + interface_vlan_adapt_mtu($vlans, $wantedmtu); } - /* XXX: What about gre/gif/.. ? */ + unset($vlans); } + /* XXX: What about gre/gif/.. ? */ switch ($wancfg['ipaddr']) { case 'dhcp': 
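Review bot: Making 1500 the unconditional default means the `$wantedmtu != get_interface_mtu($mtuif)` checks below now fire for every interface without an explicit MTU, not only for those above 1500 as before. In the `lagg` branch that triggers `interface_lagg_configure()`, which per the comment destroys and re-creates the lagg, and in the final `else` it forces 1500 onto interfaces that were running a smaller MTU. I would keep the old `> 1500` condition or document why raising the MTU is now intended, and settle the `XXX` about gre/gif before widening the default. The VLAN branch also compares `$wancfg['mtu']`, not `$wantedmtu`, with the parent MTU, so the conflict check does not see the default. The enclosing function starts and ends outside the hunk.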
@@ -4473,7 +4453,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan", $ if (stripos($interface, "_vip")) { foreach ($config['virtualip']['vip'] as $counter => $vip) { if ($vip['mode'] == "carp") { - if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + if ($interface == "_vip{$vip['uniqid']}") { return $vip['interface']; } }
@@ -4546,7 +4526,7 @@ function convert_friendly_interface_to_friendly_descr($interface) { if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $counter => $vip) { if ($vip['mode'] == "carp") { - if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + if ($interface == "_vip{$vip['uniqid']}") { return "{$vip['subnet']} - {$vip['descr']}"; } }
@@ -4706,6 +4686,7 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface = case "openvpn": $wanif = "openvpn"; break; + case "IPsec": case "ipsec": case "enc0": $wanif = "enc0";
@@ -4715,7 +4696,7 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface = break; default: if (substr($interface, 0, 4) == '_vip') { - $wanif = get_configured_carp_interface_list($interface, '', 'iface'); + $wanif = get_configured_carp_interface_list($interface, $family, 'iface'); if (!empty($wanif)) { $wanif = get_real_interface($wanif, $family); }
@@ -4899,7 +4880,7 @@ function find_virtual_ip_alias($ip, $bits = null) { * find_number_of_created_carp_interfaces: return the number of carp interfaces */ function find_number_of_created_carp_interfaces() { - return `/sbin/ifconfig | grep "carp:" | wc -l`; + return `/sbin/ifconfig | /usr/bin/grep "carp:" | /usr/bin/wc -l`; } /*
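Review bot: The outer guard `if (stripos($interface, "_vip"))` in the first hunk no longer works with the new name format: `"_vip{$vip['uniqid']}"` starts with `_vip`, so `stripos()` returns 0, which is falsy, and the CARP comparison below it is never reached. Use a strict test, `if (stripos($interface, "_vip") !== false) {`, or, matching the rest of this commit, `if (substr($interface, 0, 4) == '_vip') {`. Within the lines shown, the loop also iterates `$config['virtualip']['vip']` without the `is_array()` check that `convert_friendly_interface_to_friendly_descr()` in the next hunk has. The function body begins and ends outside the hunk.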
@@ -5370,11 +5351,19 @@ function get_possible_listen_ips($include_ipv6_link_local=false) { /* XXX: Maybe use array_merge below? */ $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) { - $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; + if (get_vip_descr($carpip)) { + $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; + } else { + $interfaces[$cif] = $carpip; + } } $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) { - $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; + if (get_vip_descr($aliasip)) { + $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; + } else { + $interfaces[$aliasip] = $aliasip; + } } $interfaces['lo0'] = 'Localhost';
@@ -5401,17 +5390,16 @@ function get_possible_traffic_source_addresses($include_ipv6_link_local=false) { function get_interface_ip($interface = "wan") { - $realif = get_failover_interface($interface); + $realif = get_failover_interface($interface, 'inet'); if (!$realif) { return null; } - if (substr($realif, 0, 4) == '_vip') { - return get_configured_carp_interface_list($realif, 'inet', 'ip'); - } - - if (strstr($realif, "_vip")) { - return get_configured_carp_interface_list($realif); + if (substr($interface, 0, 4) == '_vip') { + return get_configured_carp_interface_list($interface, 'inet', 'ip'); + } else if (substr($interface, 0, 5) == '_lloc') { + /* No link-local address for v4. */ + return null; } $curip = find_interface_ip($realif);
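Review bot: `get_vip_descr()` is now called twice per entry in both loops of `get_possible_listen_ips()`, once for the test and once for the label. Store the result instead: `$descr = get_vip_descr($carpip);` followed by `$interfaces[$cif] = empty($descr) ? $carpip : "{$carpip} ({$descr})";`, and the same for the alias loop. The description is operator-supplied text that ends up in a display label, so whatever renders these entries should escape it; that code is outside this hunk and cannot be confirmed from here.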
@@ -5430,9 +5418,9 @@ function get_interface_ipv6($interface = "wan", $flush = false) { return null; } - if (substr($realif, 0, 4) == '_vip') { - return get_configured_carp_interface_list($realif, 'inet6', 'ip'); - } else if (substr($realif, 0, 5) == '_lloc') { + if (substr($interface, 0, 4) == '_vip') { + return get_configured_carp_interface_list($interface, 'inet6', 'ip'); + } else if (substr($interface, 0, 5) == '_lloc') { return get_interface_linklocal($interface); } |